About the "Are you sure you want to open it?" alert (File Quarantine / Known Malware Detection) in OS X

OS X improves download validation by providing file quarantine in applications that download files from the Internet. This means that downloads are checked for safety (known malware) when you try to open them.

These attributes include date, time, and a record of where the file was downloaded from.

When you open a file received through a quarantine-aware application, OS X warns you where the file came from. You receive an alert asking, "Are you sure you want to open it?" You should click Cancel if you have any doubts about its safety.

If you have multiple user accounts on your Mac, the user account that downloaded the file is the only user account that can remove the quarantine attribute on a file. All other user accounts can open a quarantined file, but they are still presented with an alert asking "Are you sure you want to open it?" every time they open the file.

Known malware check

Mac OS X Snow Leopard v10.6 and later also check for known instances of "malware", or malicious software. When you open a quarantined file, OS X checks to see if it includes known malware. If so, an alert message similar to the following appears:

If you see "(file name) will damage your computer." You should click Move to Trash.

If the file is a disk image, you should click Eject Disk Image and then delete the source file.

Tip: Click the Help icon in the lower left corner of the alert message for more information about malware.

Blocking web plug-ins

To help limit exposure to potential "zero day" exploits from web plug-in enabled content, OS X also blocks specific versions of web plug-ins from functioning – including Java web apps, or Adobe Flash content. Typically an update to the web plug-in is available on the same day, or shortly after OS X blocks the web plug-in. Install the new update to restore web plug-in function.

Gatekeeper

OS X Lion v10.7.5 and later include Gatekeeper, a technology that allows developers to sign applications. Signed applications normally don't present an alert when you download and open them. Internet files downloaded from other applications get file quarantine attributes but without date, time, and link of the file downloaded.

Advanced users only

You can toggle the ability of File Quarantine to receive updates from Apple about malware and web plug-ins.

Important: Deselecting this option disables the ability to identify new malware, and leaves your Mac vulnerable to new malware without notification.

OS X Mavericks

Choose Apple () menu > System Preferences.

Click the App Store icon in the System Preferences window.

Select or deselect the option to "Install system data files and security updates."

OS X Mountain Lion or earlier

Choose Apple () menu > System Preferences

Click the Security & Privacy icon in the System Preferences window.

If the padlock in the lower left corner of the Security & Privacy pane is locked, click it and enter an administrator name and password.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.